There may be no fish or rod in sight, but there is often a ‘catch of the day’ for criminals. Using this technique, they steal by tricking internet and email users into disclosing their personal details.

What is a phishing attack?

A phishing attack is a specific form of cyber crime. The criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user in to disclosing their personal details – username, password, PIN etc – via a form on the fake website, allowing the criminal to use the details to obtain money.

Phishers use various techniques to trick users in to accessing the fake website, such as sending emails that pretend to be from a bank. These emails often use legitimate logos, a good business style and often spoof the header of the email to make it look like it came from a legitimate bank. In general, these letters inform recipients that the bank has changed its IT infrastructure and asks all customers to re-confirm their user information. When the recipient clicks on the link in the email, they are directed to the fake website, where they are prompted to divulge their personal information.

How can I protect myself from a phishing attack?

There are several steps you can take to protect your computer from today’s cyber threats. Following the simple guidelines below will help minimise the risk of attack.

Be very wary of any email messages asking for personal information. It’s highly unlikely that your bank will request such information by email. If in doubt, call them to check!

Don’t complete a form in an email message asking for personal information. Only enter such information using a secure website. Check that the URL starts with ‘https://’, rather than just ‘http://’. Look for the lock symbol on the lower right-hand corner of the web browser and double-click it to check the validity of the digital certificate. Or, alternatively, use the telephone to conduct your banking.

Report anything suspicious to your bank immediately.

Don’t use links in an email message to load a web page. Instead, type the URL into your web browser.

Check if your anti-virus program blocks phishing sites, or consider installing a web browser tool bar that alerts you to known phishing attacks.